My hosts file

```ini
ansible_user=ansible
```
Playbook

```yaml
- name: WordPress setup
  hosts: servers
  gather_facts: false
  remote_user: ansible
  become: true
  roles:
    - wp
```
Role's task

```yaml
- name: Update admin user's password
  command: wp user update admin
    --user_pass="{{ wp_admin_pwd }}"
  args:
    chdir: "/var/www/{{ domain_name }}"
  become: yes
  become_user: www-data
```
Running this playbook, an error shows up:

```
Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user
(rc: 1, err: chmod: invalid mode: ‘A+user:www-data:rx:allow’
Try 'chmod --help'
```
The user I'm using to connect to the remote server, named `ansible`, is a user with sudo privileges.

The WordPress installation runs under the NGINX `www-data` user.
Am I missing something?
As pointed out in the chapter "Risks of becoming an unprivileged user", when becoming an unprivileged user, Ansible has to rely on some tricks to make the file readable by both the `remote_user` and the `become_user`.

One of the ways Ansible can solve this on POSIX systems is by relying on the `setfacl` command.

> First, if setfacl is installed and available in the remote `PATH`, and the temporary directory on the remote host is mounted with POSIX.1e filesystem ACL support, Ansible will use POSIX ACLs to share the module file with the second unprivileged user.
So, one way to resolve this is to install the `acl` package on the remote node, for example on Debian-based distributions (e.g. Debian, Ubuntu, ...):

```
apt install acl
```

Or via the playbook itself in a `pre_tasks`, e.g.:

```yaml
- hosts: servers
  gather_facts: false
  remote_user: ansible
  pre_tasks:
    - apt:
        name: acl
      become: true
      become_user: root
  roles:
    - wp
```
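To confirm on the remote node that the two conditions quoted above hold (`setfacl` in `PATH`, and a temporary directory that accepts POSIX ACLs), the following pre-flight check can be run there. It is an added example, not part of the original answer or of Ansible itself; the function name `check_acl_sharing`, its return codes, and the `u:<user>:r-x` ACL entry used as a probe are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: checks whether a file in a temp directory can be shared
# with the become_user through a POSIX ACL, the mechanism described above.
#
# Return codes (chosen for this example, not Ansible's):
#   0  ACL could be set: setfacl-based sharing should work
#   1  setfacl not found in PATH (install the acl package)
#   2  become_user does not exist on this host
#   3  setfacl is present but the ACL could not be applied
#      (e.g. temp directory on a filesystem without ACL support)
check_acl_sharing() {
    tmp_dir=$1
    become_user=$2

    command -v setfacl >/dev/null 2>&1 || return 1
    id "$become_user" >/dev/null 2>&1 || return 2

    # Probe file inside the directory under test, removed afterwards.
    probe=$(mktemp "$tmp_dir/acl-probe.XXXXXX") || return 3
    probe_rc=0
    setfacl -m "u:${become_user}:r-x" "$probe" 2>/dev/null || probe_rc=3
    rm -f "$probe"
    return "$probe_rc"
}

# Stand-alone use: sh check_acl.sh <temp-dir> <become_user>
# (/var/tmp and www-data below are sample arguments, not values read from Ansible)
#   sh check_acl.sh /var/tmp www-data
if [ "$#" -eq 2 ]; then
    status=0
    check_acl_sharing "$1" "$2" || status=$?
    case $status in
        0) echo "OK: ACL set for $2 in $1" ;;
        1) echo "FAIL: setfacl not in PATH; install the acl package" ;;
        2) echo "FAIL: user $2 does not exist" ;;
        3) echo "FAIL: could not set an ACL in $1; check filesystem ACL support" ;;
    esac
fi
```

Run it as the connecting user (`ansible` in the question), since that is the account that has to grant the ACL.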